On Wed, Nov 23, 2011 at 08:59:52AM -0500, Xi Wang wrote: > Thanks for the pointer. However you cannot do the overflow check using > > if (sizeof(struct comedi_insn) * insnlist.n_insns < insnlist.n_insns) > > Let's assume 32-bit system, sizeof(struct comedi_insn) = 32, and > insnlist.n_insns = 0x7fffffff. > > Note that 32 * 0x7fffffff = 0xffffffe0 overflows but bypasses your check. >
Argh... You're right, my check is wrong. What I like about my patch though is that it doesn't introduce an arbitrary limit. Could you redo your check without the MAX_INSNS? regards, dan carpenter
signature.asc
Description: Digital signature
_______________________________________________ devel mailing list [email protected] http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
